CompTIA CySA+ (CS0-002) — Question 243

Which of the following is the best method to ensure secure boot UEFI features are enabled to prevent boot malware?

Answer options

• A. Enable secure boot in the hardware and reload the operating system.
• B. Reconfigure the system's MBR and enable NTFS.
• C. Set UEFI to legacy mode and enable security features.
• D. Convert the legacy partition table to UEFI and repair the operating system.

Correct answer: A

Explanation

The best approach is to enable secure boot in the hardware settings and then reload the operating system, as this ensures that only trusted software is loaded at boot time. Options B and D do not address secure boot directly, focusing instead on file systems or partitioning, while option C contradicts the goal by switching to legacy mode, which does not support secure boot features.